EU-U.S. Privacy Shield/European data transfers

When Adobe transfers personal information from customers across national borders, we do so in compliance with applicable law.

How does Adobe transfer your EU personal data?

For our individual users and customers whose use of Adobe websites and apps results in the transfer of personal information from the European Economic Area (EEA) or Switzerland to non-EEA countries, we rely on one or more of the following legal mechanisms: the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, Standard Contractual Clauses, and consent of the individual.

Adobe Inc. (our U.S. entity) has certified that it complies with the Privacy Shield Principles for transfers of your personal information from the EEA and Switzerland in connection with Adobe websites and apps that include a link to the Adobe Privacy Policy. The certification does not apply to websites and apps from Fotolia and TubeMogul (see the additional Adobe Privacy Policies page). More information about our certification to the Privacy Shield is provided below.

Additional information about Adobe’s privacy practices relating to our individual users and customers is available in the section of the Adobe Privacy Center titled “What does Adobe do with your personal information?”

How does Adobe transfer EU personal data on behalf of our business customers?

For our business customers whose use of Adobe solutions results in the transfer of personal information from the EEA or Switzerland to non-EEA countries, Adobe relies on the following legal mechanisms: the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, and Standard Contractual Clauses. More information about our certification to the Privacy Shield is provided below. Regarding the Standard Contractual Clauses, Adobe has prepared a Data Processing Agreement (DPA) that includes the Standard Contractual Clauses (SCCs). If you are an Adobe business customer and want to enter into a DPA and SCCs with Adobe, please request those documents from us.

Additional information about Adobe’s privacy practices in relation to our business customers is available in the section of the Adobe Privacy Center titled “What do Adobe’s business customers do with your information?”

Adobe Privacy Shield certification

Adobe Inc. (our U.S. company) has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the transfer of personal information from the European Economic Area (EEA) and Switzerland to the United States. Our certification does not apply to personal information collected in connection with Fotolia and TubeMogul websites and apps. To learn more about the Privacy Shield program, or to view the certification for Adobe Inc., please see https://www.privacyshield.gov/.

As described in the Privacy Policy, for individual users who reside outside of North America, your relationship is with Adobe Systems Software Ireland Limited, which is the “data controller” with regard to your personal information collected by Adobe. Your personal information may be transferred to Adobe Inc. (Adobe U.S.) under our Privacy Shield certification or other legal transfer mechanisms, as described above.

With respect to personal information processed on behalf of our EEA and Swiss business customers, under EU privacy laws, Adobe Systems Software Ireland Limited (Adobe Ireland) is generally considered a “data processor.” For example, an EEA business customer may use Adobe Sign to process documents containing names, email addresses, and other personal information about its consumers. As part of Adobe providing services to the business customer, this personal information of consumers may be transferred by Adobe Ireland to Adobe U.S. under our Privacy Shield certification or Standard Contractual Clauses, as described above.

Additional descriptions about how we treat personal information that is transferred in reliance on Privacy Shield are available in the following sections of the Adobe Privacy Policy:

The types of third parties to which personal information may be disclosed (including when Adobe is required to disclose personal information to lawful requests by public authorities, including to meet national security or law enforcement requirements). Please note that when Adobe U.S. uses service providers to process personal information received in reliance on Privacy Shield, it is responsible if that service provider processes the information in violation of the Privacy Shield Principles (unless Adobe U.S. can prove that it’s not responsible for the service provider’s action that violated the Principles).

Adobe U.S. complies with the Privacy Shield Principles whenever it receives personal information from the EEA and Switzerland in reliance on the Privacy Shield.

If you have a question or complaint about our compliance with the Privacy Shield Principles, please email us at privacy@adobe.com. If we do not resolve your complaint, Adobe has chosen to cooperate with a dispute resolution provider established by the Data & Marketing Association (DMA), who will hear such complaints (more information). You may also have a right to invoke binding arbitration for unresolved complaints (more information). Adobe U.S. is subject to the investigatory and enforcement powers of the FTC.